I’ve been to Las Vegas before when I attended Cisco Live 2011, but this is my first time attending the Interop IT Expo and Conference. Mandalay Bay, Las Vegas, and Interop — what a combo.

Like the majority of folks attending, as we walk by the slot machines, craps tables, and roulette wheels, I’m looking forward to learning more about emerging IT topics such as cloud computing and virtualization, data center and storage, and wireless and mobility, as well as security and risk management.

With over 100 sessions jam-packed with info from IT experts from across the globe, I am especially impressed with Interop’s list of heavy-hitters for their keynotes. I’m most excited about Padmasree Warrior, Cisco System’s CTO and Senior Vice President of Engineering. I’m a fan. She’s also General Manager of Cisco’s Enterprise Business. In her keynote, she’ll discuss how technologies such as mobility, cloud, and video are transforming IT. I’m sure she’ll be great. Like I said, I’m a fan.

VMware’s CTO and Senior Vice President of Research and Development, Steve Herrod, will also be on hand to discuss the concept of the software-defined data center during his Interop keynote. I’ve heard he’ll explain how IT needs a software-defined data center that’s flexible, efficient, and the peak of automation to be successful in the marketplace.

Avaya’s Marc Randall will discuss application-driven networking. He’ll explain how applications, devices, and networks have seemingly advanced separately since their inception. Current IT trends require a more proactive integration of these technologies that can potentially be met with application driven networks.

Also on the schedule are Google’s Jonathan Rochelle, Dell’s Dario Zamarian, and Rackspace CTO John Engates, as well as Allan Leinwand, who is the CTO of Infrastructure at Zynga, the creator of the Facebook addiction of the moment — Words With Friends. I’m interested to hear what those guys have to say.

Also marked on my Interop calendar is the unveiling of the HP and Dreamworks collaboration, Cloud’s Silver Screen Debut: How HP & DreamWorks Animation Brought Cloud Computing to the Red Carpet.

I’m curious about the downsides to cloud deployment other than the security risks. I hope one session in particular, Building VMware Private Clouds, will hopefully cover how the enterprise can take virtualization to the next level by building cloud networks with VMware’s vCloud Director product, whether they are private, public, and/or hybrid, as well as how to manage ongoing operations.

In Las Vegas, if only for this week of Interop, BYOD still stands for “bring your own device.” There are three sessions addressing this topic: Tablets: Where Do We Go From Here?, Living With (And Prospering From) BYOD, and How BYOD is Driving Change in the Campus Network. Whether it’s supporting these devices and allowing them on your network or learning how to keep them off your network, BYOD has arrived. You might as well be prepared.

One more thing: If your boss cheaped out and told you to read post-show blogs instead of sending you to Las Vegas for Interop, follow my tweets at @GKJohnMarkIvey during the show to keep up with the week’s events. If you’re actually attending Interop, follow my tweets as well (there are three tweetups that I know of), and stop by the Global Knowledge booth to get the last of our Powered Up t-shirts designed by artist Tom Whalen.

Companies seek professionals who have hands-on experience with new and evolving technologies such as Windows 7, cloud computing, .NET 4.0, VMware, and mobile application development.

Requirements for certain IT positions vary across industries and regions, but firms are seeking the following types of candidates:

Systems and Networking Engineers

Professionals who are experts in cloud computing, Software as a Service, or virtualization are in demand. Those with combined skills in server, software, and networking are most sought after.

Developers

Those skilled in .NET Java, PHP, Silverlight, Flex, MySQL, and portal technologies, such as SharePoint, are in demand.

Quality Assurance Professionals and Business Analysts

With more dollars available for IT projects, managers focus on quality control and assembling more accurate project requirements. Quality assurance professionals can relieve developers so they can focus on coding, while business analysts can help build trust among stakeholders and serve as go-betweens for technology and business.

Data Warehousing and Business Intelligence Professionals

Firms need immediate information that can help them move their business in the right direction. That’s why they seek business intelligence and data warehousing professionals who can gather increasing amounts of data from various streams.

Security Professionals

Data security and protection, especially in industries such as banking and healthcare, will continue to be an in-demand area within technology. In fact, 24 percent of ClOs polled by our firm cited security as their top professional concern.

In addition to specific job-related skills and capabilities, the following credentials are in demand:

• Cisco certifications — Cisco Certified Network Associate (CCNA) and Cisco Certified Internetwork Expert (CCIE)
• Linux certifications — Red Hat Certified Engineer (RHCE)
• Microsoft certifications — Microsoft Certified IT Professional (MCITP), Microsoft Certified Systems Engineer (MCSE), Microsoft Certified Technology Specialist (MCTS) and Microsoft Certified Professional Developer (MCPD)
• Project management certifications — Project Management Professional (PMP)
• Security certifications — Certified Information Systems Security Professional (CISSP), Check Point Certified Security Administrator (CCSA) and Check Point Certified Security Expert (CCSE)
• VMware certification — VMware Certified Professional (VCP)

Reprinted with permission from the Robert Half Technology 2012 Salary Guide.

DR: Unemployment is a topic that is still in the news and affecting many. Mike, as a Senior Director, what do you look for in an individual that is looking to join your team? 

ML: They need to convince me first and foremost they know what they are doing. That can be through certifications, which are important, college education, real world experience. Everything we do has a practical component to it. Knowledge is wonderful, but they need to know how to implement that knowledge from the textbook and into the real world. Let me walk you through my little process:

First, the initial call I make to a candidate comprises a list of the same exact questions that I ask every candidate. I then listen for how they respond, not necessarily just the words they are saying. Anyone can be Googling and be rattling off, “MCSE or TCPIP!”  That doesn’t matter. I’m listening for responses that show they actually understand and know what I’m asking, and they know what they are saying. If the candidate survives the conversation with me, then we move on to the next step. Many candidates do not make it past the first round.

In this next step we have the candidate come in and take a generic technology test to show us that what they say they know, they really actually know it! After they are done with the test, there is another interview. If they do well on the test and the interview, we bring them back for the third and final step.

In this second round of interviews, candidates are actually quizzed by those that they’ll be working with. They are asked real world scenario problems and asked how they are going to solve it.

Third, the candidate has to fit the environment. By moving candidates through this three tiered process, we develop a pretty good understanding of a candidate’s technical abilities. This goes beyond education, beyond certification, and beyond just practical knowledge. Because our team is small and we support multiple countries, we look at these three areas to find those that can work with us and best fill the needs we have so that we can all work as a group. The team approach in Global Knowledge IT is not for everyone. That is not a failing, it is a preference. There is a lot of “we” here, and people who prefer “I” just do not work out in the long run.

[Along with all of the above] a candidate has to demonstrate technical curiosity. There are many ways to do this, and it is something that is hard to fake. You either do it or you don’t.

There is one more point; the long run here is measured in decades. About half of the IT staff have been here 10, 12, 14 years. To become a member of our team requires a long view of technology, customer needs, and a commitment to evolve as both of these things change.

LS: For me I can teach you skills, but I can’t teach you the will, and I can’t make you fit. I look for a couple things that are really important.

First, for people in technology the desire for life long learning is critical. Take, for example, mainframe programmers who learned one technology, and, even though they could see the wave coming, they never learned the new technology for whatever the new client server was. So our team must commit themselves to learning the newest, the latest, and, for that matter, whatever they have to for as long as they are working at Global Knowledge. Because things change, skills get old fast, and they need to keep up to be able to bring value to the organization.

Second, a willingness to take responsibility is important on our team. Again, we have a small team, and the last thing I need is someone to say, “I don’t do that. That’s not my responsibility. Or you need to talk to him about that.” I want people on our team who find the person that can help them take care of a situation. The willingness to take responsibility for a situation when they see something that needs to get done, that’s critical!

Third, I know it’s strange but in my interviews, if I can’t make you laugh I’m probably not going to hire you. It may sound silly, but the last guy I want standing next to me when the roof is falling in and the water is up to my knees is somebody who is frozen and can’t relax and think a problem through. I have found that people that can’t laugh at themselves, at us, at the ridiculousness of a situation, have trouble in crisis. It’s not very scientific, but we all want people we enjoy working with.

DR: What are your thoughts on the integral balance of IT projects and training on new technologies?

ML: There is no one certificate, no one college degree, and no one life experience that will enable someone forever. I hate to keep going back to the building block analogy, but it really is how effective operations work. No matter what the certification is everyone needs to ask themselves, “What’s next?” Having a certain certification might get someone to read your resume. Then that individual needs to show they know what they are doing.  When new technologies come along that lead to projects that drive the need for new skills. Training on a new technology, one that will never be implemented in the organization, is a poor use of limited training time and dollars. If someone wants to learn about the latest laser beam splitter, I am all for learning, but I am not going to fund that learning. However, if someone wants to learn about the next generation of routing hardware or desktop OS, and I know we will bring that technology into the organization within a couple of years, even if I do not have a project queued up yet, yes, I will fund that. Then I will use the new knowledge to plan more effectively and understand the quirks of the new technology before the rollout begins.

DR: Mike, when you are looking to hire someone, where do you place the importance of formal training, degrees, and certifications compared to the time that person has in the industry?

ML: One reason we require two rounds of technology testing is to identify those who really can do the job. Certification is important. Practical experience is important. A college degree is important. However, like I just mentioned, none of these assets directly replaces the other.

I can help a team member get certifications through classes and tests. I can provide support for a team member to earn a college degree. However, I cannot create that internal drive that connects the education/certification to the real world and produces applied knowledge. The practical is the thing that a candidate has to bring to the job. It is also what I referred to earlier as “technical curiosity”. Practical is hard to fake.

To be clear, practical (technical curiosity) does not imply decades of experience in the specific job or role someone is applying to. These are qualities that transfer between roles and jobs. A candidate has them and can demonstrate them or not. Again, it is hard to fake.

DR: What other advice can you share with those that are trying to land entry to middle-management IT positions in today’s economy?

ML: It’s not the technology. Yes, you have to know enough about the organization’s specific technology, but you do not need to be a master of the technology universe. The function of management is applying organization resources to organization goals. Therefore, you need to understand resources and you need to understand the organization’s goals. By the way, making a profit is not enough of a goal.

Lastly, management is about doing. You have to demonstrate your abilities and mitigate your weaknesses by working as part of many different teams and filling many different roles simultaneously. It is quite the opposite of the old adage, those who can do, those who can’t teach, and those who can’t do or teach manage. Management is an action and an activity.

DR: What do you see as some of the benefits technology is bringing to the training industry?

ML: The temporal (time shifting) nature of technologies today benefits training by combining asynchronous options such as e-learning video streams, where you can begin and end a learning sequence on your own schedule, with on-demand task specific answers. There are times when you want to know why a thing works the way it does, so sequential learning gives you that knowledge. There are also times where you just want to know “what do I type” to fix this situation. The Internet, mobile broadband, smart phones, and tablets all enable and facilitate both learning needs.

DR: For many years security within the IT Departments was consistently evolving at a fairly even pace. As the pace of change accelerated with new technologies like cloud computing and mobile devices becoming increasingly popular, what security challenges face you and the industry as a whole?

LS: I think the largest challenge was also the original challenge, and that is the user. There are some very basic and simple things we can do that can give you a lot of protection. Unfortunately, human nature is what it is; people are curious things, people will open anything from anyone they think they recognize. So you have to protect yourself against scenarios like that. I think you start with the basic awareness that there is a lot of garbage going on out there, give people some fundamental training, make them set decent passwords, and change them on a recurring basis, even if they don’t like it! Only implement those edge devices that you can control or that you are willing to accept a risk from. Then it gets expensive and painful as you layer things on. Nothing, nothing keeps everyone out, ever! As fast as you figure something out, someone is figuring a way around it. In my opinion, people within your own company are still your best defense, and Mike can talk about a lot of the tools that can help us.

ML: The whole open source movement also led to the “open virus” movement. The mindset of many malicious hackers is just to prove that, “I can hack into your system, I’m going to do it. To show that I’ve done it, I’m going to grab ten thousand email addresses, two thousand database records, and I’ll post it all over the internet while there is nothing you can do about it!”

Unfortunately that’s kind of the biggest challenge today. There are some really smart virus writers out there that we compete against every day. They have unlimited time to find weaknesses, whereas we have a very limited time to stop them once the viruses start. What they figured out is no matter how good the code is what matters more is their social engineering. Meaning the user says, “I think I recognize the name, so it’s okay I click on this link.” Even beyond that the proliferation of Facebook and games where nudging, watering, and doing tasks are popular has become a way to attack. If the user thinks that by clicking over here is going to do a friend of theirs a favor, what they don’t realize is that something just launched in the background that let the virus in, and the user never knew it. The best viruses are those that go undetected. They enter into a system in onesies, twosies, fivesies at a time. After, say, four systems in an organization are infected, a little beacon goes off saying, “Are you here? Are you here? Are you here? I’m here!” Then there are five of them, and that’s when the virus owns your systems. None of the antivirus tools can block everything, and though we pair combinations of tools with outside services, we cannot stop users from clicking on a link or being curious.

Regarding user sophistication and improved computing tools, that is a business decision. If the business is going to support every user and device request, the business has to pay for all of the added security, personnel, and enabling infrastructures. We manage this through a limited device list along with security practices that begin inside the datacenter and carry all the way through to the end users and their devices.

DR: What advice can you share with other CIOs and Directors in organizations tackling similar challenges?

LS: First truly try to understand what the business needs and what they are looking to pay for that. That includes things like:

• What amount of bandwidth do they really need? What they are willing to pay? How can you make the most of what you already have?
• Does someone really need access to Facebook from work because they are doing some marketing things, and how can you balance that legitimate business requirement against the potential security problems that doing so may present?

So you need to really know what is going on. You have to be able to get through the, “This is so cool! We all got to have iPads, because…well just because!” and to what the business actually needs and [can] actually pay for.

From there it’s a big process of education. We try very hard, but I think it’s that old adage: “If you think you said it, and if you think people understand you, you’re still going to have to explain it to them two or three more times.” We constantly educate users on why we are only one version back on Microsoft. Why we don’t implement until there is at least one Service Pack. Why we don’t allow iPhones, but we allow a limited number of other hand held devices. We have to go through the business reasons for this, the security reasons for that. Mike has gone so far as to even try to educate the users in general by putting little trivia bits and factoids in the monthly maintenance email he sends out. Anything that can get the word out about how to work with us. What we are really trying to accomplish is that everyone understands that it is always a balancing act. So that they understand what our team is working on so that they don’t see the IT Department as a “big black box” where everything goes in, some gears turn, and out comes something IT says the user should have. An example of that, we try, when we see a wave coming, to get in front in it. We try to get things to experiment with, to play around with, and to put our hands on. We actually got a couple of tablets to see if we could make them work. We wanted to do this because everyone likes them, and they are cool devices. It’s all about understanding the business and educating the users to help them believe that you and your team understand the users need.

ML: In the end it is the simple and small things that pay the biggest dividends. Going back to my analogy of the building blocks, for example:

• Requiring a password on all mobile devices — You limit the possibility that someone will pick one up in a bar (remember the famous iPhone incident) which could allow them access into your company’s systems
• Multiple identity challenges — We have it so that even though someone might have a network login, if they want to get into any other systems a different login is required. Just because they can get on the network doesn’t allow them to get to every system or application
• Using SSL everywhere — It is very inexpensive, and you can buy wildcard certificates. Then make sure you send and receive everything encrypted. It’s a little bitty thing, very inexpensive, very little overhead, but in the end you don’t know, and you’ll never know, how many times it saves you

LS: It’s kind of like what the police tell people about your neighborhood. You just need to make your house (IT infrastructure) less attractive then your neighbor’s! You want to make it so that those that wish your business harm go somewhere else because you are taking care and doing all you can to not leave any visible cracks in your environment.

ML: Exactly, and then partner all that we’ve already mentioned with:

• Proactive systems monitoring — You don’t want to be the last one to know that you’ve been hacked! Have systems in place or several that are automated. These don’t have to be high labor cost, human intensive systems. There is some capital spend to put systems like this in place and user licenses, but these systems can alert you to when something doesn’t look right

Lastly, my piece of advice to any CIO or manager overseeing technology assets is: Give your people the permission to shut something off. That can be the biggest win in the war against stopping the spread of a virus or any kind of hack for that matter! We’ve gone to such extents within our training facilities that if a corrupt machine is brought by a student to class, we block their IP address. We will not allow them back on the network until we verified that their machine is clean.

DR: Mike, you have your ITIL certification. Could you touch on how being ITIL certified helped you lay out some of the processes you had to put into place?

ML: Well, how about this. Going for my ITIL certification was quite easy because we were already process driven. I know a lot of people go to ITIL training in order to get an idea of what this really means — a bench mark and set of tools to pull out. We were so far down the path already that I really went to training to learn the terms.

LS: I think that is a big endorsement for the actual ITIL approach. We knew that there was no way we could build out an infrastructure and add suffocation if we didn’t have our basic incident management and problem management under control. It was critical for the team to understand: first I need to put out whatever is on fire. Then I need to figure out how it caught on fire in the first place and make sure I don’t do that to myself again! Mike used all of the ITIL principles. I think this was just a case of he was probably just ahead of the certification body making this information available.

I think Mike will probably talk a lot about our move in our flexibility of the infrastructure, our move to virtual, what we now call the cloud. When he started these projects…

ML: … it wasn’t called the cloud! I want to say one more thing about ITIL. ITIL is just the framework. There are no defined processes. It says, “Go have some processes. Go find the right processes for your organization.” Then repeat and improve them. We were already doing that, and that is why it really did fit. It also proves the ITIL philosophy, “We aren’t going to give you a book and say go do these ten things!” They give you ideas, directions, guidance, and then you have to go figure out what works best for you in your organization. It’s macro level customization for your IT organization.

LS: It also works too because a lot of times you’ll look at prescribed systems for doing things. Take for example the PMP: you’ll think, “How in the world am I going to do that in an organization where I have eight people?” The nice thing about the PMP and ITIL methodology is that you can choose those things that matter most in your environment, and you can implement them in a way that doesn’t drag the whole thing down in bureaucracy and reports. That way, when you understand why the things they suggest to you are important, then you can figure out how best to achieve those ends in your own organizations. Having a deeper understanding of process ideas is critical to a successful implementation.

DR: So Mike, do you want to dive into some of the specifics to what you all have done?

ML: Sure, starting in 2007 we began building the GK Cloud 1 (virtualizing servers, storage services, and appropriate infrastructure). This turned out to be more important than we initially planned because of the economic recession that followed. We were able to keep moving forward in providing new services and removing older servers because we built Cloud 1 to its maximum size from day one.

Moving into 2008 and 2009, even though I didn’t ask for a lot of capital, I could turn off degraded servers and move their related services…

LS: Don’t listen to him. He asked, we just said, “No!”

ML: (laughing) That’s true… I should have said, “I didn’t get to have”. Anyhow, with the completion of Cloud 1, that put in to place our big building block. So, Cloud 1 houses about 65 server services with a 12 terabyte SAN on the back end. We concentrated for the rest of 2008 on our connections into our remote labs. We implemented MPLS into our WAN architecture to support our multipoint infrastructure, and that allows for site-to-site mapping. This move added a layer of intelligence to the WAN to allow more dynamic use of bandwidth. We were able to program it to understand that all remote lab traffic was the most important. So in other words, it takes the packets from the lab, treats them as gold, and gets them through the network as fast as it can to their destination. We then allowed it to degrade everything else such as email and other internet requests. This in turn helped us to deliver something that is very important in remote labs, and that is low latency, while they’re doing their simulations. So across our network, thanks to MPLS and other routing technologies, we try to maintain less than a hundred millisecond delay from point-to-point. In comparison the VoIP standard is one hundred-fifty millisecond. So we think that’s pretty good!

Turning to 2009 we looked to making upgrades internally focusing on our collaboration platform (SharePoint) and began the move to the latest version of the Microsoft Server OS. Also, because of the acquisition of the Canadian based Nexiant, now known as Global Knowledge Canada, we upgraded our remote connection (Citrix) and VPN services so that that they could access our tools like Cognos, Oracle, and Sage SalesLogix.

LS: I think it is very interesting that we added a significant number of heads in the acquisition, and we didn’t need to add any IT operations people. This was in large part due to all the preplanning and being able to leverage the technologies Mike mentioned to manage all of those users and the access they needed.

ML: Exactly! So when we added 175, well I guess at that time it was 200 new heads, what that meant for us was we had to really do a little bit more planning. We had to buy three or four more servers and add some licensing. Again, we were building on the blocks we had already put into place.

Moving into 2010 we physically moved our datacenter from the fourth floor to the first floor, and Lisa and I were able to convince other executives on what we call the “GK 2020” architecture. We spent quite a large chunk of change on the new Cisco Nexus switch technologies. This is the same technology one would normally find in a telco carrier location. The Cisco Nexus is what comprises the core of our datacenter today. This has helped us prepare for literally 10–13 years of service from this particular platform. Additionally, we introduced more Red Hat Linux and worked to refresh our network segmentation for better management and security.

Here in 2011 we are looking at Cloud 2. We haven’t decided on what platform, how much we are going to spend, or vender that we are going to use. We’re going to install the next datacenter core components Cisco ASR routers, which are also carrier class routers. We’re also upgrading Exchange to the latest iteration, refreshing the desktop OS, and at least tripling Internet bandwidth at all US locations. Note, we doubled or better [the] Internet bandwidth at the Canadian locations last year. These are all examples of building blocks for whatever comes, whatever people throw at our department, we are going to absorb it and keep on moving!

DR: You all have certainly done a lot and it looks like you have a bunch going on now. Mike, you had mentioned the importance of low latency when you talking about the implementation of MPLS in 2008. What are the plans you all have when it comes to VoIP as a business whole?

ML: We have VoIP services at all of our training centers right now. For our core call center in Cary, North Carolina we are still using digital technology.

DR: Lisa, could you start us off with a brief introduction to the IT Team and the number of users your team supports?

LS: Sure, the corporate IT team is broken into the following three components:

• Worldwide Operations — Mike Lewis’ area of responsibility
• Business Applications Delivery — Jeff Cody and the business analysts take care of the packaged applications such SalesLogix, the contact management system that Global Knowledge uses, and the Oracle database. Jeff’s team also often acts as a liaison between the user community and the more technical portions of IT to gather requirements and write specifications for any changes that need to be made
• Software Development — John Dell’omo’s team oversees the data warehouse, business intelligence database administration, and the actual applications that we choose to build in house

Those guys are responsible for over 1,400 users throughout North America and Europe. Our team provides second level support for connectivity for email and a variety of infrastructure areas. This includes making sure that all the training centers have the necessary connectivity and all of the tools to access the remote labs that are designed, built, and overseen by Andy Hart and his team who are a part of Product Management.

DR: What can you tell us about the company’s growth in the area of technology over the last few years?

LS: My focus was let’s look at what we deliver, that we make sure it meets the business requirements, and then let’s work on improving our ability to deliver that same business requirement with higher quality along with lower cost. A lot of the things we have done over the last few years have been about instilling a respect for business processes. In this business environment, a lot of times you can’t project out your infrastructure needs ten years into the future. Five years, you’d be really lucky. And often we find it changing more quickly than that. A recent example is that we have courses that we can deliver, but they require a lot of bandwidth. And I think that is going to happen more and more often. Mike has focused on building a very robust, flexible, cost effective infrastructure, and those things are normally intentioned. You can have anything you want if you want to pay through the nose for it, but trying to get the sweet spot, the right amount of capability, the right amount of flexibility, for the right cost has been the challenge. I think it would be safe to say that when Mike and I got here, the infrastructure was pretty old and bad. We spent a lot of time saying, “What is the process going to be? What are we going to need to buy and put in place to enable us to put that in place?”  Mike, you can speak to more of the specifics on that…

ML: Probably the most important part in what Lisa mentioned, in bringing the technology to where it is today, began with the simple philosophy: If we are going to spend any money, let’s spend the right money on the right technology or the right piece of equipment. I would rather have one really good thing than three mediocre or five really bad things. Think of the processes like building with Legos^®. We set out to build the right foundation by installing the right “technology building blocks.” We did this by putting in the right WAN, the right server infrastructure, the right vendor, getting the right relationships in place, and we built on that; one technology block on top of the other.

When the blocks need to be replaced, that’s when the challenge comes into play because you have to lift up, put in the new, and set everything back down and make sure everything works as well if not better than before.

Next week we’ll pick up with the discussion on technologies including ITIL and the Cloud.

Blogging

Blogging in one form another has been around since the early 90’s. The term blog was used by Peter Merholz in 1999. It seems everyone has a blog of one sort another. In many cases, it is a random collection of thoughts and opinions on various subjects. Blogging has become a way for people to be heard in a forum that allows them to express themselves in a “safe” place. Blogs can also be used to offer advice on some piece IT equipment or answer questions posed by others.

Linux

Why Linux one might ask? The popularity of Linux lies in the fact that it is easily customizable, that it can be installed on just about on any system, and, perhaps most importantly, it is open source (read free). Linux is free — you can copy and distribute it without fees or royalties. The source code for Linux is available to anyone who wants to download the installation files from the internet. It is really surprising just how many Linux systems are owned and maintained by teenagers for just these reasons. What you might also be surprised to know is that there is an excellent productivity suite called OpenOffice.org.

Programming

This should not come as a surprise — especially for open source programming languages such as Perl, PHP, Python, and Ruby. While not necessarily writing applications for an enterprise environment, still, applications are being written. Where might these applications be available? Why not look at any one of the common “store fronts” for smart phones? Or how about drivers for hardware devices in Linux?

Game Consoles and On-Line Games

Not really IT skills as such — but it is still something that a lot of teenagers use on a daily basis. In some cases, modifications are made to the consoles to “enhance” game play. Now mind you — most of these mods are usually against the End User License Agreement (EULA). Even given this, there are a number of ingenious modifications that have been made including larger hard drives, open-source operating systems and more. Some of the on-line games such as World of Warcraft (WoW) and Rift are almost worlds unto themselves and have their own language and “culture”. Those who play these games share a common set of game (IT) skills. Again, these are not IT skills that adults might be accustomed to, but when WoW has an estimated game population in excess of 10 million people, there must be some kind of knowledge transfer between the game players.

Hardware

There was a time when teenagers would tinker with cars. Now many teens are tinkering with their computers. There are many things that can be done to improve the performance of a computer, and teens are readily adept at doing such — from overclocking the CPU to enhanced cooling methods and even designing and building computer cases. Today’s teens are incredibly innovative (well, so were those who had the old Commodores, we just had less hardware we could work with)

Texting

Texting has become controversial lately due to people driving and texting at the same time — not a good idea. Many mobile calling plans have a texting package where you can send 5000+ text messages a month (a mere 166 messages a day or so). How many texts do high schoolers send on an average day? According to one study “nearly one out of three kids between 13 and 17 years old send over a 3339 texts a month.” Texting has rapidly become the primary means of communication to the point where actual phone usage has dropped (though data usage has increased). How many texts does the average adult send? — a mere 10 per day. Now my question to you is: DY knw h2 uz txt msgN? If not, then follow this link and see: http://www.lingo2word.com/translate.php

Twitter

Why tweet (or retweet)? A tweet is a post or status update on Twitter. A tweet is a microblog that is used on Twitter (a microblogging service). Each tweet can only be 140 characters or less — so using twitter is as much about messaging as it is about being creative with your tweet (and maximizing what your 140 characters display). Tweeting is gaining popularity with the younger user base — just not as quickly as with texting. Tweets are broadcast out to everyone who is following your tweets whereas teens are mainly interested in socializing with their friends.

Web Design/Multi-Media

This one came up a lot and for a variety of reasons. Creating web sites is still in strong demand even though there are numerous places where one can design and publish your own website. This is an excellent way for creative high school students to learn invaluable IT skills and potentially earn some money. Along with the ease of creating websites has come the ability to create multi-media clips. These are finding their way onto YouTube and other sites.

Facebook

Ok, I know, EVERYONE is using Facebook — but included in this audience are high schoolers. I doubt that they are using Facebook to get in touch with old school mates but rather to maintain contact with current friends and, especially, current activities. Are some playing the games found in Facebook? Of course, otherwise we wouldn’t be inundated with requests to play a game so that the invitee can access new levels or features.

Tech Support

Yes, that’s right, tech support. I don’t mean technical support at the enterprise level, but teenagers are providing technical support for their families. In many cases, their assistance is used for churches and non-profit organizations that don’t have the wherewithal to hire an IT consultant. Some schools have used their more IT inclined students for assistance (not for the production computers, of course, but for lab PCs). This IT tech support help also carries over to helping their friends’ computers (and other hardware devices — think wireless, routers and home networks. Home networks and streaming media are another area where you find a younger crowd more involved.

What is surprising here is not that high school students are IT savvy, but to what extent and breadth their knowledge extends. It is remarkable seeing how quickly a teenager can figure out the inner workings of a smartphone while the adult fumbles learning just how to turn the phone on in the first place.

I want to thank Christopher Jenkins whose help was invaluable for this article.

NOTE: The ranking below are based on certifications that received the minimum number of responses required to derive a salary figure that is statistically accurate. There are certifications that pay more but aren’t represented due to their exclusive nature. These include CCIE: Cisco Certified Internetworking Expert and VCDX: VMware Certified Design Expert, for example.

1. CCDP: Cisco Certified Design Professional ($107,878) There are two tracks at the Associate and Professional levels — Designing and Networking. The Cisco Certified Design Professional (CCDP) certification demonstrates that the individual who passed the required exams possesses advanced knowledge of Cisco network design concepts and principles. The CCDP certified individual can discuss, design, and create advanced networks. With the CCDP certification, you can plan addressing and routing schemes, security, network management, data center, and IP multicast complex multi-layered enterprise architectures that include virtual private networking and wireless domains. The CCDP curriculum includes building scalable internetworks, building multilayer switched networks, and designing network service architecture.
2. ITIL Expert Certification ($107,092) What is this ITIL that we hear so much about? The Information Technology Infrastructure Library (ITILv3) is a foundational process that provides for quality IT Service Management. The success of ITIL is through the use of documented and proven processes that cover the entire Service Lifecycle.

   The ITIL Expert level is the third of four levels. The ITIL Expert level certification is aimed at those individuals who are interested in demonstrating a superior level of knowledge of ITIL Version 3 (V3) in its entirety. Once you’ve achieved ITIL Expert level you will also satisfy the prerequisite entry criteria for the ITIL Master Level, the highest level of certification within the ITIL V3 scheme; though the Master level is still under development.

3. PMP: Project Management Professional ($103,570)The Project Management Institute’s (PMI) Project Management Professional (PMP) credential is recognized as the most important certification for project managers and is in heavy demand. The Project Management Professional credential demonstrates that you not only have the experience but also the education to successfully lead and direct projects. The PMP credential is for experienced project management professionals as the qualifications and testing and for this certification are rigorous. All of these factors ensure that the PMP credential is widely respected. The PMP experience and exam requirements focus on five process groups: Initiating, Planning, Executing, Controlling, and Closing.
4. CISSP: Certified Information Systems Security Professional ($100,735) The Certified Information Systems Security Professional (CISSP) credential is for security managers and professionals who develop policies and procedures in information security. The CISSP certification has become the gold standard in information security certifications and education. Earning and maintaining a CISSP certification is required for many governmental, military, and civilian security positions. The CISSP was the first credential in the field of information security, accredited by the ANSI (American National Standards Institute) to ISO (International Organization for Standardization) Standard 17024:2003. Earning your CISSP certification is not only an objective measure of excellence, but is a globally recognized standard of achievement.
5. CCDA: Cisco Certified Design Associate ($97,995)The Cisco Certified Design Associate (CCDA) demonstrates that the individual who passed the required exams has the requisite knowledge, experience and understanding required to design a Cisco converged network. A CCDA certified individual has the skills to design a routed and switched network infrastructure and services involving LAN, WAN, and broadband access for businesses and organizations.
6. CCNP: Cisco Certified Network Professional ($97,296)There are two tracks available at the Associate and Professional levels — Designing and Networking. The Cisco Certified Network Professional (CCNP) demonstrates that you have the ability to plan, implement, verify, and troubleshoot local and wide-area enterprise networks. A CCNP certified individual is expected to work collaboratively with other Cisco specialists on advanced security, voice, wireless, and video solutions.
7. ITIL v2 Foundation & ITIL v3 Foundation ($96,128 & $93,250) ITIL v3 is the current version of this widely adopted best practices framework for IT management. The ITIL Foundation certification is the first of four levels in ITIL and offers those who are certified a general awareness of the key elements, concepts, and terminology used in the ITIL Service Lifecycle, including the linkages between Lifecycle stages, the processes used, and their contribution to Service Management practices.
8. CCNA: Voice ($92,837)There are two tracks at the Associate and Professional levels — Designing and Networking. The Cisco Certified Network Associate Voice (CCNA Voice) demonstrates that an individual possess the required associate-level knowledge and skills to administer a voice network, and validates skills in VoIP technologies such as IP PBX, IP telephony, handset, call control, and voicemail solutions.
9. AIS: HP Storage Works ($91,158) An HP Accredited Integration Specialist (AIS) is able to design, support, and integrate business-class solutions (potentially including platform, operating system, software, storage, network, and option components) to solve the business requirements of a customer. The AIS: Storage Works certification validates that you, as an HP technical professional, are fully able to prepare an HP Storage Works solution for a customer and can perform all aspects of installation and startup service.
10. AIS: HP ProLiant ML/DL/SL Servers ($87,332) An HP Accredited Integration Specialist (AIS) is able to design, support, and integrate business-class solutions (potentially including platform, operating system, software, storage, network, and optional components) to solve the business requirements of a customer. A certified HP technician will be able to fully prepare a ProLiant expandable tower (ML), rack mount (DL), or scalable (SL) server. The certified HP technician is able to perform all aspects of installation and startup tasks, including hardware configuration, operating system installation, HP driver installation, and full management instrumentation and place these systems into either a test environment or into production or be ready for the customer to install his applications.
11. VCP: VMware Certified Professional ($87,151) Virtualization and those who are knowledgeable with virtualization products are in heavy demand. VMware is one of the leading vendors of virtualization products, and earning a VMware certification is the first step toward gaining industry recognized expertise in virtual infrastructure and the industry recognition that goes along with it. The VMware Certified Professional (VCP) demonstrates that you have the skillset to successfully install, manage, and deploy VMware vSphere 4.
12. CompTIA Project+ ($87,057) The CompTIA Project+ certification (as is true for most CompTIA certifications) is an international, vendor-neutral certification that covers the entire project life cycle from initiation and planning through execution, acceptance, support, and closure.

    The Project+ certification covers the business and technical project management skills needed to successfully manage business projects. A Project+ certified Project Manager has the demonstrated required skills necessary to complete projects in a timely manner and within budget as well as emphasizing achieving buy-in from stakeholders and maintaining proper scheduling. The Project+ certification can be earned in a reasonable period of time and with less expense than other project management certifications. There are several advantages in earning a Project+ certification: you do not have any prerequisite, you do not have to submit an application, and you don’t have any continuing education requirements.

13. APS: HP Blade System Solutions ($86,554) The Accredited Platform Specialist (APS) — HP Blade System Solutions certification is a hardware support certification designed for HP field repair engineers. This certification validates the skills required by Field engineers who need to perform basic troubleshooting, repair, installation, configuration, and verification of the proper operation of HP Blade System products. Those earning this certification are mainly service technicians who work for HP or HP channel partners
14. CEH: Certified Ethical Hacker ($86,053) A Certified Ethical Hacker (CEH) is a skilled security professional who understands the weaknesses and vulnerabilities in target systems and knows how to use this knowledge and specific tools as if he were a malicious hacker. Individuals who have earned the CEH certification from EC-council may fulfill job roles such as security officers, auditors, security professionals, site administrators, or anyone who is concerned about the integrity of the network infrastructure. An Ethical Hacker is an individual who is usually employed or contracted by an organization and who can be trusted to ethically penetrate corporate networks and/or computer systems using the same methods and tools as a hacker. The key point is that an Ethical Hacker has written authorization to probe and possibly penetrate the target network.
15. MCDBA: Microsoft Certified Database Administrator ($84,683) The roles and responsibilities of a database administrator are quite varied and as a consequence so is the necessary skill set. Access to information (both speed and accuracy) is critical to corporations and as a result, corporations are dependent on their databases. The Microsoft Certified Database Administrator (MCDBA) certification validates the unique skill set required to succeed in a variety of job roles, such as database administrator, database analyst, and database developer on SQL Server 2000. An MCDBA will most likely have knowledge of Visual Basic or other scripting languages, C/C++, Java, and other programming languages. A DBA must also have knowledge of the relational database language used for their database (Oracle’s PL/SQL, Microsoft’s T-SQL). For individuals who administer, develop, or analyze Microsoft SQL Server 2005 or SQL Server 2008 databases, Microsoft offers Microsoft Certified Technology Specialist (MCTS) and Microsoft Certified IT Professional (MCITP) certification paths.

If you don’t see your certification listed above, visit the Global Knowledge web site for a complete listing of over 100 certifications and their respective average salaries.

1. Software Installation and Support

“How can this be?” you say? Simple! The Cloud. Software as a Service (SaaS) and Platform as a Service (PaaS) are rapidly growing in use. It makes sense for many firms to adopt these services: reduced cost and technical support. No longer must a small company spend the money on high-end servers and consultants — they can “rent” the same service from a provider. From a technical perspective, this means that many level-1 support staff need to expand their skill set. The companies that provide SaaS are happy since they have a guaranteed revenue stream as consumers and businesses no longer purchase their software once; rather we “rent” the usage of the software packages.

2. Email

“What?” you say. Email being an outdated skill set — perish the thought! While it’s not passé yet, the number of people who use email in several age groups is declining according to TechCrunch. What does this mean for the business environment? Other communication modalities are on the rise such as texting/IM and web conferencing. The average business person might not see an impact as of yet, but fewer younger workers adopt and use email (use of IM and social media outlets are on the rise, especially the social media outlets).

3. Telephony

PBX systems became somewhat akin to mainframes. People predicted PBX systems demises for sometime, but they still persist. The underlying principles of telephony haven’t changed (good old Erlang will be around for some time), but the implementation did. Many businesses are interested in a comprehensive communications package — one that does more than just provide a phone on a desktop. Microsoft’s Lync Server changed how we look at presence, voice, IM, and conferencing. The days of having a physical phone and the techs to support that physical phone are numbered. The PSTN (public switched telephone network or, as some refer to it, POTS — plain old telephone service) networks will gradually be replaced. A growing number of individuals and households are getting rid of land lines and use their cell phones.

4. IPv4 Subnetting

On 3 February, 2011, the last top-level block of public Internet Protocol version 4 (IPv4) addresses was assigned. Now it’s onward to IPv6. Well, not quite that fast, but soon. This also means the art of subnetting IPv4 addresses will soon be a skill of the past as we move to IPv6. For all of us who spent hours understanding the significance of /22 (how many subnets and hosts per subnet and what the subnet mask derived for this notation), I am sorry to say this is a skill set that will go away in the not so distant future (of course they said that about Morse code, but we still use that as well).

5. Typing (or the rise of IM speech)

This may seem like a strange IT skill to be on the decline, but think of the rise of “text or IM Speech”. First the hand-written letter declined due to the rise of email, now it’s proper typing in lieu of texting/IM. A new generation of IT users came into the workforce who don’t use email as much as the last generation and who use texting as their means of communication vs. typical emails.

6. Non-TCP/IP Networks

When one thinks of the internet and communication protocols, you most likely think of TCP/IP as the default protocol. This is true now and was true when the “Internet” was still under the control of DARPA and mainly used between government installations and higher education institutions. But there was a time from the mid-1980s to the mid 1990s that another protocol was used heavily: IPX/SPX. Novell’s NetWare was mainly responsible for the rise and acceptance of IPX/SPX during this period. IPX/SPX was originally derived from Xerox Network Systems’ IDP and SPP protocol. With the release of NetWare 5.x, IPX/SPX fell from use as TCP/IP became the favored protocol used.

7. Hardware

There was a time, not so long ago, where we performed our own component-level repair; that is, repairing or replacing computer components (think ROM chips). When is the last time you used that chip replacement tool that used to come with all computer tool kits? Now we simply get a new card, or in the case of tablets and other such systems, we send it in. Along these same lines, how about printer maintenance? In many cases it is cheaper to buy a low-end ink-jet type printer and sell it once the cartridge is empty than it is to buy a replacement ink-jet cartridge. Impact printers anyone? They are used in some areas extensively (think airline passenger lists), but have pretty much disappeared in most office and home scenarios.

8. HTML — Web Developer

Why the differentiation? The HTML developer writes the code that runs the website as opposed to a web designer who typically uses a graphics program to create the website layout and then uses a second program to make the design for viewing on the web. So which one is on the decline? That would be the Web Developer. This is due primarily to the rise of web design programs. Web developer skills will be in less demand, but does not mean their imminent demise in 2011.

9. Older Server Operating Systems and Server-based applications

Here is another older skill set that must be clearly defined. If you have been in the IT field for more than 5 years or so, you have probably migrated to a new server technology. This is applicable for server technology such as operating system (Windows 200 or even NT4) or applications that run on the servers such as email systems, database programs, or even networking technologies. We have all run across somebody who refuses to learn a new server operating system (given my druthers, I would gladly take Windows Server 2008 R2 over NT4 or Windows 2000). You cannot continue to market yourself as an NT4.0 guru and expect to remain employed for much longer. There just aren’t that many systems remaining in use.

10. COBOL

COBOL was been around for over 50 years; in fact, it is one of the oldest programming languages. The demise of COBOL has been proclaimed for 20 years and yet it still remains. There was a resurgence of use and interest in COBOL just prior to Y2K, but it’s dwindled since then. There are few places to learn COBOL but there is still a need to support the business applications written and supported by COBOL programmers — for now. As new applications are written in other languages, the programs that were written in COBOL and the people who support these older apps will find themselves needing a new skill set.

Originally posted in the Global Knowledge Newsletter

1 – Length Matters. Every character you add to your password increases its security by probably 1,000-fold. So your password is only four characters, huh? Now you’re just being lazy. Hope you don’t mind if a complete stranger reads your e-mail. Though eight-character passwords are very popular, if you want to make a hacker’s life hellacious, create a 12 or 14-character password.

2 – Don’t Use Names. If I were trying to guess your password, my first guesses would be your name, your wife’s, your kid’s, and your pet’s if I knew you well enough or had access to your completely public Facebook account. Admiral Barky is a great pet name, but as far as passwords go, it’s kind of weak, especially since Admiral Barky’s very own Facebook page is open to the public as well.

3 – Use Uppercase Characters. By using at least one uppercase character, you are ensuring the security of your password. If you capitalize a letter other than the first, which is the most popular of course, you increase your password’s security even more.

4 – Use Special Characters. You’d be surprised how much more difficult an asterisk, exclamation mark, or plus sign will make your password to crack. Let your inner geek muse go wild with choices like “linux+Penguin,” “BigB@ngTheory” or my probable future DC Online password “greenLan+ern.”

5 – Keep It Complicated. Essentially every word allowed in Scrabble, even if it contains the letters Q, K, P, or Z, is unusable by itself as a secure password. Ever thought about using “12345678” or “qwerty”? Well don’t. The same goes for “password,” “internet,” “security,” and “letmein.” Even though I am a fan of the popular alternative “p@ssword,” add some numbers or an uppercase character to secure it further. If you have used common passwords, it’s okay, most of your peers have done the same in the past. Just make sure it stays in the past because those weak passwords won’t last long against a determined hacker.

6 – You Can Never Use Place Names Again. You were born in Richmond, and it’s a fine city, but it makes for a bad password. I hear that Florence, Italy, and Florence, SC are both great places to live, but steer clear of place names when it comes to password creation. Eight-letter words are very tempting, aren’t they Portland? But they are just too dangerous to use. I bet plenty of Atlanta residents use “atl30322,” the popular nickname for Atlanta plus the zip code. You can be more original than that. Show some creativity.

7 – Keep It Creative. Speaking of creativity, Green Bay and the Steelers had awesome seasons, but don’t do it. I’m a longtime Duke Basketball fan, but they’ve never made an appearance in my password tourney. I like the Black Eyed Peas as well as any music act these days, though they’re better in concert than the studio, but that’s no reason to base my password security on them. But I have to confess that “Ferg@!icious” just might work.

8 – Numbers Aren’t As Secure As They Used To Be. There was a time when your birthdate would have probably made a fairly secure password. But not anymore. Same goes for your anniversary, the year you were born, your full Social Security number or the last four digits, a telephone number, and the aforementioned zip code. Adding at least one letter to your numerical password is a good habit, just like one number or an uppercase character helps secure a password of mostly letters.

9 – Make It Memorable. When I used to be tasked with resetting passwords, I found that the users who forgot their passwords most often were the ones who were most likely to “dumb-down” their passwords. They gave up security for convenience despite having a readily available department on duty to reset passwords in an instant. A secure password that is memorable is not hard to achieve with some effort. There has to be something with some associated numbers that has some meaning to you every time you stare at that empty password field on your computer screen even after a week’s vacation. Just don’t be tempted to ever write it down.

10 – Acronyms Can Help. How secure do you think “Idw2mmpw2l” would be? It’s simply the sentence — “I don’t want to make my password too long.” Memorable acronyms like “The quick brown fox jumps over the lazy dog,” resulting in “tqbfjotld,” would prove to be less secure than something random unless you throw in an uppercase letter, a number, or special character or two. Actually, I came up with this method when a co-worker I supported “cns2rh@#$%pw”, or, in other words, “could never seem to remember his darn password.” Only slightly paraphrased of course.